Various parameter options (PARM=).
PORT=&PORT,TCP=&TCP,US=&UNSECON,RMAUTH=&RMAUTH,CERT=&CERT,
KEYRING=&KEYRING,SV=&SSLVERS,CI=&CIPHERS,SSLT=&SSLTRCFN,SSLD=&SSLDUMP,CBDLL=&CBDLL'
- PORT=
-
The Listen Port
Default: 1202
- TCP=
-
The single TCP/IP stack name that CCISSLGW uses.
Default: All active TCP/IP stack names.
- UNSECON=
-
- NEVER - A remote CAICCI not supporting and enabled for SSL is denied a connection.
- ALLOW - All connections are unsecured unless the remote CAICCI supports and REQUIRES an SSL connection.
- NONSSL – A remote CAICCI not supporting SSL are allowed to connect unsecured. A remote CAICCI supporting and enabled for SSL connects secured.
- ONLY - Only unsecured connections are allowed. A remote CAICCI supporting and requiring SSL is denied a connection. This option disables SSL support for this gateway server. (CCITCPGW is CCISSLGW permanently set to this value.)
Default: NEVER
- RMAUTH=
-
- N - Do not authenticate Remote Certificates.
- Y - Do authenticate Remote Certificates.
- Pass - Remote certificates are not authenticated but are still requested for user exit validation.
Default: Y
- CERT=
-
The Server Certificate Label Name:
- '*' - Use a Certificate whose label is CCIGW. If not found, use a Certificate whose label is local to the CAICCI Sysid. If not found, use a Certificate whose label is CCI.
- 'label' - Use a Certificate whose name is label.
- “(null)” - Use the SystemSSL default Certificate.
Note: The embedded blanks within Certificate Label Names are not supported.
- KEYRING=
-
The name of an external security keyring (Used instead of an HFS key database).
- SSLVERS=
-
The version of System SSL that CCISSLGW uses to request SSL services.
- 1 - Version 1 (OS/390 version)
- 2 - Version 2 (z/OS 1.2 version)
- “(null)” - Use highest available version
Default: "(null)"
- PROT=
-
Specifies which security protocols are enabled:
- SSL - Only SSL Version 3
- TLS - Only TLS Version 1
- SSL/TLS or TLS/SSL or S/T or T/S or BOTH - Both SSL Version 3 and TLS Version 1 are enabled.
Default: SSL
Note: Set PROT to TLS if possible. TLS provides a much higher level of security.
- CIPHERS=
-
Specifies one or more SSL (Version 3) ciphers, in the order of usage preference, for CAICCI packet encryption in the form XXYYZZ...
- '01' - NULL MD5
- '02' - NULL SHA
- '03' - RC4 MD5 Export
- '04' - RC4 MD5 US
- '05' - RC4 SHA US
- '06' - RC2 MD5 Export
- '09' - DES SHA Export
- '0A' - 3DES SHA US
- '2F' - 128-bit AES SHA US
- '35' - 256-bit AES SHA US
- IBM - Use System SSL default list: (such as, 0504352F0A090306020100)
- 3DES - Use System SSL default list putting 3DES at top of list: (such as, 0A0504352F090306020100)
- AES128 or AES-128 - Use System SSL default list putting 128-bit AES at top of list: (such as, 2F0504350A090306020100)
- AES or AES256 or AES-256 - Use System SSL default list putting 256-bit AES at top of list: (such as, 3505042F0A090306020100)
Default: 3DES
- SSLTRCFN=
-
The name of the HFS file where System SSL can write trace entries. (Specifying the file name turns on tracing.)
- SSLDUMP=
-
Specifies whether the SSL packets are dumped to the Trace File (TRCPRINT):
Default: No
- CBDLL=
-
The module name of the dll containing the user exit routine for validating client (and server) certificates.
